基于Feistel结构的超轻量级分组密码算法(PFP)
|
摘要
面向无线终端资源受限环境对加密算法的应用需求,借鉴PRESENT算法的设计思想,采用Feistel结构,并修改扩散层的P置换,设计了一种超轻量级分组密码算法PFP。其硬件实现需要1355GE,优于PRESENT算法,满足资源极端受限环境的需求(2000GE以下)。速度测试结果表明,PFP算法的软件实现效率约为PRESENT算法的1.5倍。依赖性测试、线性分析、差分分析、不可能差分分析和密钥编排攻击表明,PFP算法满足轻量级分组密码的安全需求。
To meet the application requirement for cipher algorithms in the resource-constrained terminal system such as the limited energy supply etc,an ultra-lightweight block cipher named PFP was designed by using the experience of PRESENT algorithm for reference.The iterative structure of PFP algorithm is Feistel structure.Its permutation was modified in diffusion layer.It requires only 1355 GE with hardware implementation of PFP algorithm,which is better than the PRESENT.And it also fulfills the requirement of environment with extremely constrained resource(no more than 2000GE).Test results show that the speed of PFP algorithm is about 50% faster than PRESENT.Depen-dence test,linear analysis,differential analysis,impossible differential analysis and key schedule attack show that the PFP algorithm can satisfy the security requirements of the lightweight block cipher algorithm.
To meet the application requirement for cipher algorithms in the resource-constrained terminal system such as the limited energy supply etc,an ultra-lightweight block cipher named PFP was designed by using the experience of PRESENT algorithm for reference.The iterative structure of PFP algorithm is Feistel structure.Its permutation was modified in diffusion layer.It requires only 1355 GE with hardware implementation of PFP algorithm,which is better than the PRESENT.And it also fulfills the requirement of environment with extremely constrained resource(no more than 2000GE).Test results show that the speed of PFP algorithm is about 50% faster than PRESENT.Depen-dence test,linear analysis,differential analysis,impossible differential analysis and key schedule attack show that the PFP algorithm can satisfy the security requirements of the lightweight block cipher algorithm.
引文
[1]王育民,刘建伟.通信网的安全——理论与技术[M].西安:西安电子科技大学出版社,1999:69-456.
[2]SCHNEIER B.Applied Cryptography:Protocols,algorithms and source code in C[M].Beijing:China Machine Press,2000:1-376.
[3]冯登国,林东岱,吴文玲.欧洲信息安全算法工程[M].北京:科学出版社,2003:1-190.
[4]吴文玲,冯登国,张文涛.分组密码的设计与分析[M].北京:清华大学出版社,2009:6-7,217-224,416-420.
[5]AXEL Y P B.Lightweight Cryptography:Cryptographic Engineering for a Pervasive World[D].Bochum:Ruhr-University Bochum,2009.
[6]吴文玲,范伟杰,张蕾.轻量级分组密码研究进展[M].北京:电子工业出版社,2010:140-159.
[7]BOGDANOV A,KNUDSEN L R,LEANDER G,et al.PRESENT:An Ultra-Lightweight Block Cipher[C]∥CHES 2007.LNCS 4727,Berlin Heidelberg:Springer-Verlag,2007:450-466.
[8]Information technology-Security techniques-Lightweight cryptography-Part 2:Block ciphers:ISO/IEC 29192-2[S].Geneva:ISO/IEC,2012.
[9]BADEL S,DAGTEKIN N,JR J N,et al.ARMADILLO:A Multi-purpose Cryptographic Primitive Dedicated to Hardware[M]∥Cryptograpic Hardware and Embedded Systems,CHES2010.LNCS 6225,Berlin Heidelberg:Springer-Verlag,2010:398-412.
[10]SERF P.The degrees of completeness,of avalanche effect,and of strict avalanche criterion for mars,rc6,rijndael,serpent,and twofish with reduced number of rounds[EB/OL].http://www.cosic.esat.kuleuven.ac.be/nessie/reports/phase1/sagwp3-003.pdf,2000-2-3.
[11]MATSUI M.Linear Cryptanalysis Method for DES Cipher[C]∥Advances in Cryptology-EUROCRYPT’93,LNCS 765.Berlin Heidelberg:Springer-Verlag,1993:386-397.
[12]冯登国.密码分析学[M].北京:清华大学出版社,2000:58-59.
[13]SHI Y Y.Research and Design of Block Cipher Algorithms[D].Nanjing:Nanjing University of Aeronautics&Astronautics,2014.(in Chinese)时阳阳.分组密码算法的研究与设计[D].南京:南京航空航天大学,2014.
[14]KANDA M,TAKASHIMA Y,MATSUMOTO T,et al.A Strategy for Constructing Fast Round Functions with Practical Security Against Differential and Linear Cryptanalysis[C]∥SAC’98.LNCS 1556,Berlin Heidelberg:Springer-Verlag,1999:264-279.
[15]KANDA M.Practical Security Evaluation against Differential and Linear Cryptanalysis for Feistel Ciphers with SPN Round Function[C]∥SAC 2000.LNCS 2012,Berlin Heidelberg:Springer-Verlag,2012:324-338.
[16]HONG S,LEE S,LIM J,et al.Provable Security against Differential and Linear Cryptanalysis for the SPN Structure[C]∥FSE 2000.LNCS 1978,Berlin Heidelberg:Springer-Verlag,2001:273-283.
[17]BIHAN E,SHAMIR A.Differential cryptanalysis of the data encryption standard[M].New York:Springer-Verlag,1993.
[18]BIHAN E,SHAMIR A.Differential Cryptanalysis of DES-like Cryptosystems[J].Journal of Cryptology,1991,4(1):3-72.
[19]LAI X,MASSEY J L.Markov Ciphers and Differential Cryptanalysis[M]∥Advances in Cryptology-ENCRYPT’91.LNCS547,Berlin Heidelberg:Springer-Verlag,1991:17-38.
[20]NYBERG K,KNUDSEN L R.Provable Security Against a Differential Attack[J].Journal of Cryptology,1995,8(1):27-37.
[21]BIHAM E,BIRYUKOV A,SHAMIR A.Cryptanalysis of Skipjack Reduced to 31Rounds using Impossible Differentials[M]∥Advances in Cryptology-EUROCRYPT’99.LNCS 3027,Berlin Heidelberg:Springer-Verlag,1999:12-23.
[22]BIHAM E.Cryptanalysis of Skipjack Reduced to 31Rounds Using Impossible Differential[J].Journal of Cryptology,2005,18(4):291-311.
[23]KIM J,HONG S,SUNG J,et al.Impossible Differential Cryptanalysis for Block Cipher Structures[C]∥INDOCRYPT 2003.LNCS 2904,Berlin Heidelberg:Springer-Verlag,2003:82-96.
[24]BIHAM E.New types of cryptanalytic attacks using related keys[J].Journal of Cryptology,1994,7(4):229-246.
[2]SCHNEIER B.Applied Cryptography:Protocols,algorithms and source code in C[M].Beijing:China Machine Press,2000:1-376.
[3]冯登国,林东岱,吴文玲.欧洲信息安全算法工程[M].北京:科学出版社,2003:1-190.
[4]吴文玲,冯登国,张文涛.分组密码的设计与分析[M].北京:清华大学出版社,2009:6-7,217-224,416-420.
[5]AXEL Y P B.Lightweight Cryptography:Cryptographic Engineering for a Pervasive World[D].Bochum:Ruhr-University Bochum,2009.
[6]吴文玲,范伟杰,张蕾.轻量级分组密码研究进展[M].北京:电子工业出版社,2010:140-159.
[7]BOGDANOV A,KNUDSEN L R,LEANDER G,et al.PRESENT:An Ultra-Lightweight Block Cipher[C]∥CHES 2007.LNCS 4727,Berlin Heidelberg:Springer-Verlag,2007:450-466.
[8]Information technology-Security techniques-Lightweight cryptography-Part 2:Block ciphers:ISO/IEC 29192-2[S].Geneva:ISO/IEC,2012.
[9]BADEL S,DAGTEKIN N,JR J N,et al.ARMADILLO:A Multi-purpose Cryptographic Primitive Dedicated to Hardware[M]∥Cryptograpic Hardware and Embedded Systems,CHES2010.LNCS 6225,Berlin Heidelberg:Springer-Verlag,2010:398-412.
[10]SERF P.The degrees of completeness,of avalanche effect,and of strict avalanche criterion for mars,rc6,rijndael,serpent,and twofish with reduced number of rounds[EB/OL].http://www.cosic.esat.kuleuven.ac.be/nessie/reports/phase1/sagwp3-003.pdf,2000-2-3.
[11]MATSUI M.Linear Cryptanalysis Method for DES Cipher[C]∥Advances in Cryptology-EUROCRYPT’93,LNCS 765.Berlin Heidelberg:Springer-Verlag,1993:386-397.
[12]冯登国.密码分析学[M].北京:清华大学出版社,2000:58-59.
[13]SHI Y Y.Research and Design of Block Cipher Algorithms[D].Nanjing:Nanjing University of Aeronautics&Astronautics,2014.(in Chinese)时阳阳.分组密码算法的研究与设计[D].南京:南京航空航天大学,2014.
[14]KANDA M,TAKASHIMA Y,MATSUMOTO T,et al.A Strategy for Constructing Fast Round Functions with Practical Security Against Differential and Linear Cryptanalysis[C]∥SAC’98.LNCS 1556,Berlin Heidelberg:Springer-Verlag,1999:264-279.
[15]KANDA M.Practical Security Evaluation against Differential and Linear Cryptanalysis for Feistel Ciphers with SPN Round Function[C]∥SAC 2000.LNCS 2012,Berlin Heidelberg:Springer-Verlag,2012:324-338.
[16]HONG S,LEE S,LIM J,et al.Provable Security against Differential and Linear Cryptanalysis for the SPN Structure[C]∥FSE 2000.LNCS 1978,Berlin Heidelberg:Springer-Verlag,2001:273-283.
[17]BIHAN E,SHAMIR A.Differential cryptanalysis of the data encryption standard[M].New York:Springer-Verlag,1993.
[18]BIHAN E,SHAMIR A.Differential Cryptanalysis of DES-like Cryptosystems[J].Journal of Cryptology,1991,4(1):3-72.
[19]LAI X,MASSEY J L.Markov Ciphers and Differential Cryptanalysis[M]∥Advances in Cryptology-ENCRYPT’91.LNCS547,Berlin Heidelberg:Springer-Verlag,1991:17-38.
[20]NYBERG K,KNUDSEN L R.Provable Security Against a Differential Attack[J].Journal of Cryptology,1995,8(1):27-37.
[21]BIHAM E,BIRYUKOV A,SHAMIR A.Cryptanalysis of Skipjack Reduced to 31Rounds using Impossible Differentials[M]∥Advances in Cryptology-EUROCRYPT’99.LNCS 3027,Berlin Heidelberg:Springer-Verlag,1999:12-23.
[22]BIHAM E.Cryptanalysis of Skipjack Reduced to 31Rounds Using Impossible Differential[J].Journal of Cryptology,2005,18(4):291-311.
[23]KIM J,HONG S,SUNG J,et al.Impossible Differential Cryptanalysis for Block Cipher Structures[C]∥INDOCRYPT 2003.LNCS 2904,Berlin Heidelberg:Springer-Verlag,2003:82-96.
[24]BIHAM E.New types of cryptanalytic attacks using related keys[J].Journal of Cryptology,1994,7(4):229-246.